Mike,
I see that you are using the JDBC realm...Are you using tomcat as a
standalone server?
> -----Original Message-----
> From: Mike Slinn [mailto:[EMAIL PROTECTED]]
> Sent: Monday, March 05, 2001 3:25 PM
> To: [EMAIL PROTECTED]
> Subject: RE: JDBC Realm not triggering
>
>
> Ignacio:
>
> I realize that only by accessing a protected resource should
> the JDBC realm
> be triggered. You might notice (in the web.xml listed below) that I
> attempted to make every JSP protected, so any access to a JSP
> would force
> authentication. Still no luck with triggering, however.
>
> I didn't get any response to my query, and I'm still facing
> the unresolved
> issue. As well, I would appreciate anyone being kind enough
> to answer the
> extra questions I had added to the end of my original query:
> - If I omit <transport-guarantee>, does it default to NONE?
> - Is it possible to use * for <http-method> to specify that all HTTP
> methods are to be subject to security?
> - I would like to use a numeric column in the database to
> store the user
> authentication level, rather than a text string. Can the
> JDBC realm be set
> up to work this way, or must I subclass a new realm class?
>
> I have a new question:
> - Another participant in this listserv mentioned that TomCat
> 3.2.1's JDBC
> realm doesn't use connection pooling. Any idea if TomCat 4.x
> will implement
> this? I want to support a high traffic site, and without
> using connection
> pooling authentication will bog down.
>
> Mike Slinn
>
>
> From: "Ignacio J. Ortega" <[EMAIL PROTECTED]>
> Subject: RE: JDBC Realm not triggering
> Message-ID: <80F5674514B4D311BAFC0040F6A45EEE0EC117@ntserver>
>
> Please revise http://localhost:8080/examples/jsp/security/protected ..
>
> The problem is that you need to access a protected resource for FORM
> auth to work.., not directly the Login form....in the config below ..
> you need to acess a url with the form
> http://localhost:8080/context/pwAdmin/ i.e ( i dont know the
> exact name
> of the context .. try substitute "context" with the right one
> ).. after
> that Tomcat tries to authenticate the user prior to access
> the resource
> .. showing the login form.. when you make a correct
> authentication.. =
> it
> redirect the form the login page to the original protected resource ..
> does not have sense to try to access directly the login form..
>
> Saludos ,
> Ignacio J. Ortega
>
> > -----Mensaje original-----
> > De: Herchel Wojciech [mailto:[EMAIL PROTECTED]]
> > Enviado el: lunes 5 de marzo de 2001 8:14
> > Para: '[EMAIL PROTECTED]'
> > Asunto: ODP: JDBC Realm not triggering
> >=20
> >=20
> > same problem here - still don't know how to solve it :(
> >=20
> > vVolf
> >=20
> >=20
> > > -----Oryginalna wiadomooe=E6-----
> > > Od: Mike Slinn [mailto:[EMAIL PROTECTED]]
> > > Wys=B3ano: 2 marca 2001 18:59
> > > Do: [EMAIL PROTECTED]
> > > Temat: JDBC Realm not triggering
> > >=20
> > >=20
> > > I feel like I sailed off the edge of the known universe,=20
> > > because there isn't
> > > much documentation for form-based authentication using JDBC=20
> > realms (at
> > > least, none that I could find, beyond the short=20
> > > JDBCRealm.howto included in
> > > the TomCat docs).
> > >=20
> > > I am using Windows NT Server 4sp6 with JDK1.3 and Tomcat 3.2.1.
> > >=20
> > > I made the following changes to server.xml:
> > >=20
> > > <!-- <RequestInterceptor=20
> > > className=3D"org.apache.tomcat.request.SimpleRealm"
> > > debug=3D"0" /> -->
> > > <RequestInterceptor =
> className=3D"org.apache.tomcat.request.JDBCRealm"
> > > debug=3D"99"
> > > driverName=3D"org.gjt.mm.mysql.Driver"
> > > connectionURL=3D"jdbc:mysql://blahblah.com:3306/database"
> > > connectionName=3D"secret"
> > > connectionPassword=3D"secret"
> > > userTable=3D"Users" userNameCol=3D"userId"=20
> > userCredCol=3D"userPassword"
> > > userRoleTable=3D"UserPriv" roleNameCol=3D"privLevel" />
> > >=20
> > > The database tables exist, exactly as shown in=20
> > > <RequestInterceptor>, since
> > > mySql is case-sensitive w.r.t. table names.
> > >=20
> > > Here is a piece of my web.xml:
> > >=20
> > > <security-constraint>
> > > <web-resource-collection>
> > > <web-resource-name>developer</web-resource-name>
> > > <url-pattern>/pwAdmin/*</url-pattern>
> > > <url-pattern>/pwModerator/*</url-pattern>
> > > <url-pattern>/pwNormal/*</url-pattern>
> > > <url-pattern>/pwPortal/*</url-pattern>
> > > <url-pattern>/pwTest/*</url-pattern>
> > > <http-method>get</http-method>
> > > <http-method>post</http-method>
> > > </web-resource-collection>
> > >=20
> > > <auth-constraint>
> > > <role-name>developer</role-name>
> > > </auth-constraint>
> > >=20
> > > <user-data-constraint>
> > > <transport-guarantee>NONE</transport-guarantee>
> > > </user-data-constraint>
> > > </security-constraint>
> > >=20
> > > <login-config>
> > > <auth-method>FORM</auth-method>
> > > <realm-name>JDBC</realm-name>
> > > <form-login-config>
> > > <form-login-page>/index.html</form-login-page>
> > > <form-error-page>/register.jsp</form-error-page>
> > > </form-login-config>
> > > </login-config>
> > >=20
> > > <security-role>
> > > <role-name>developer</role-name>
> > > </security-role>
> > >=20
> > >=20
> > > Here is the authentication form:
> > > <form method=3D"POST" action=3D"j_security_check">
> > > Login id: <input type=3D"text" name=3D"j_username" size=3D"8"
> > > class=3DformStyle><br>
> > > Password: <input type=3D"password" name=3D"j_password" =
> size=3D"8"
> > > class=3DformStyle><br>
> > > <input type=3D"submit" value=3D" Log In " =
> name=3D"LogIn"
> > > class=3DformStyle>
> > > </form>
> > >=20
> > >=20
> > > When I press the submit button, I get the following error:
> > > HTTP 404 - File not found
> > > The url reported is http://localhost:8080/j_security_check
> > >=20
> > > Somehow the form action is not being picked up by the=20
> > TomCat security
> > > mechanism. What have I missed?
> > >=20
> > > A few more questions:
> > > - If I omit <transport-guarantee>, does it default to NONE?
> > > - Is it possible to use * for <http-method> to specify=20
> > that all HTTP
> > > methods are to be subject to security?
> > > - I would like to use a numeric column in the database to=20
> > > store the user
> > > authentication level, rather than a text string. Can the=20
> > > JDBC realm be set
> > > up to work this way?
> > > - I found very little documentation regarding form-based=20
> > > authentication
> > > using JDBC realms. Can you point me to some more?
> > >=20
> > > ... thanks
> > > Mikecx
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
